World Cup 2014 fans are not the only ones with their eye on the ball
by Ziv Mador - Director of Security Research at Trustwave - Wednesday, 11 June 2014.
Taking it a step further, some malicious banners include a hidden link to an exploit kit such as Magnitude or Flashback, enabling the attacker to change the malware they drop during the campaign at any time. The exploit kit can be updated with new exploits, thus keeping the attack effective over time. Moreover, they can program the exploit kit page to do nothing bad in the first couple of hours or days so that the banner passes any automated security testing or quality control, and add the malicious behavior to the exploit kit page later.
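Because the malicious behavior can be added after a banner has passed review, a one-time scan is not enough. The following Python sketch is an added example (not from the original article) that re-checks a banner's markup against the snapshot taken at approval and reports any newly referenced host, noting whether the element is hidden; the sample HTML and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements that can load or link to third-party content from a banner.
WATCHED = {"a", "iframe", "script", "embed"}

class RefCollector(HTMLParser):
    """Collect (tag, host, hidden) for every external reference in the markup."""
    def __init__(self):
        super().__init__()
        self.refs = set()

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED:
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src") or a.get("href") or "").hostname
        if not host:
            return  # relative URL or no URL: nothing external to track
        style = a.get("style", "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or a.get("width") in ("0", "1") or a.get("height") in ("0", "1"))
        self.refs.add((tag, host, hidden))

def snapshot(html):
    collector = RefCollector()
    collector.feed(html)
    collector.close()
    return collector.refs

def drift(approved_html, current_html):
    """References present now that were absent when the banner was approved."""
    return sorted(snapshot(current_html) - snapshot(approved_html))

# Constructed samples: the banner as approved, and the same banner days later.
APPROVED = ('<a href="https://shop.example.com/offer">'
            '<img src="https://cdn.example.com/banner.png"></a>')
LATER = APPROVED + ('<iframe src="https://landing.example.net/index" '
                    'width="1" height="1" style="visibility: hidden"></iframe>')

if __name__ == "__main__":
    for tag, host, hidden in drift(APPROVED, LATER):
        print(f"new <{tag}> reference to {host} (hidden={hidden}): re-review banner")
```

Run on a schedule against each live banner, a non-empty result means the creative no longer matches what was reviewed and should be pulled until it is re-checked.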

As the World Cup 2014 championship continues, the attack should serve as an eye opener for businesses whose employees may be taking breaks throughout the day to get the latest tournament updates. While we always recommend businesses hold security awareness education training to teach their employees about what not to click on, in this particular case, if employees simply visited the site, they could get infected. That is why we recommend the following course of action:

Antimalware technologies are critical. Businesses should have antimalware technologies in place such as gateways that can detect and filter out malware in real-time. That way if an employee does visit a site that contains a malicious ad, the technology will strip out the malware before the page even gets to the end-user.

Keep software up to date. Users should make sure they keep all their software updated with the latest patches. In this case, if the latest patch for Adobe Flash is installed, the exploit would fail. It's not a simple task, but in order to minimize the chance of a successful exploit in your organization, administrators have to keep any software which consumes web-based content up to date. As revealed in our 2014 Trustwave Global Security Report, 85 percent of exploits detected were of third-party plug-ins including Java, Adobe Flash and Acrobat Reader.

A recent Osterman Research survey of security professionals showed that malware has infiltrated 74% of organizations through the Web during the past year. Large sports events open the door to these kinds of attacks. Don't let your business be the next victim.

